Rules 489 and 491 are the rules for INFO FTP No Password and INFO FTP
Bad login. An excessive amount of alerts on these rules in a small time
frame can indicate a brute force attack.
-Adam.
-----Original Message-----
From: Mandar S. Dalvi [mailto:mandard at ...2023...]
Sent: Monday, November 10, 2003 9:56 AM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] Snort Rules
hi,
I am trying to detect the Brute force FTP login attempt.
Does snort detect the Brute force FTP login attempt,if yes what is the
exact rule name for this?
thanks,
regards,
mandar.
-------------------------------------------------------
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/snort-sigs
****************************************************************************************
Note: The information contained in this message may be privileged and confidential and thus protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.
****************************************************************************************